The Kaseya hack is a valuable lesson about the importance of database security
Database security is only going to become more important as more user data is collected and, as a result, databases become an increasingly attractive target for attackers.
Without a doubt, the Kaseya hack is one of 2021’s biggest cybersecurity stories. In July, the Florida-based IT company was hit by a ransomware attack that affected not just Kaseya, but also more than 1,000 companies around the world that relied on Kaseya’s technology. The attack is being referred to as the largest ransomware attack on record by experts and is serious enough that President Biden’s administration has even discussed a possible diplomatic response.
Hackers involved in the attack, a Russian hacking group called REvil, managed to infiltrate Kaseya and seize an enormous amount of customer data. They then demanded a massive $70 million to return the customer data.
The Kaseya breach may be larger than most attacks of its kind, but it nonetheless reinforces a fact that’s been known for a long time: Sensitive data is both valuable (evidenced by the $70m demanded for its safe return) and vulnerable (evidenced by the fact that it could be illegally accessed in the first place). A hack of this scale is an object lesson in database security.
The Kaseya breach
According to a recent Bloomberg report, Kaseya executives were warned of potentially major security flaws far ahead of the attacks. Over the span of several years, Kaseya employees claim that they raised myriad cybersecurity concerns, only to be rebuffed by those who could have made the necessary changes.
Among the alleged issues was that Kaseya stored customer passwords in clear text, rather than encrypting them. It also supposedly failed to regularly patch its software and servers. These weaknesses were reportedly typical of what appears to have been a lax approach to security best practices.
Few companies or organizations have the potential to be responsible for a data breach of the scope of the Kaseya breach. Nonetheless, it is a timely reminder of how much importance organizations should place on securing their databases and the data that is stored in them. Fortunately, there are lessons they can apply to enhance this security.
#1. Carry out frequent access reviews
Ease of use and system security can often appear to be enemies of one another. This can be seen through the “privilege creep” that often affects companies when it comes to their IT systems. When employees switch job titles or move between assignments, they are frequently granted new access permissions so as to be able to carry out their work. The problem is that previous permissions which are no longer needed are often not rescinded with anywhere near as much regularity.
Like handing out your front door keys to multiple friends and neighbors and never asking for them to be returned, this opens up new security risks. That isn’t to suggest that these staff members aren’t trustworthy but, simply put, the more people whose accounts can be used to access critical systems, the more sources of potential vulnerabilities you have.
Carrying out frequent reviews of which employees have access, and to which systems, should be a standard part of any cybersecurity team’s playbook. Particular attention should be paid to those with direct access to sensitive databases.
#2. Use the “least privilege” principle
Related to the phenomenon of privilege creep is the principle of least privilege (often referred to as PoLP). As its name suggests, PoLP is all about making sure that employees have the minimum amount of access or permission that is needed to perform their job.
That isn’t the same as removing redundant privileges for employees who no longer need them; it’s reviewing the privileges of employees who do have to carry out a relevant task and trying to minimize them so that people don’t have more access than they need.
For example, it might mean asking whether database administrators need to have access to all databases within a system or just those that they are specifically tasked with maintaining and otherwise working on.
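The two points above, access reviews and least privilege, reduce to the same check: compare what each account can actually do against the minimum its current job requires, and flag the rest. The example below is added here and is not code from the article or from any vendor. The role baseline, the staff roster, the grant rows and the MySQL-style `REVOKE` rendering are all assumptions; in practice the grants would be pulled from the database's own grant tables and the roster from an identity system.

```python
"""Access review and least-privilege check over database grants.

Added example (not from the original article). The grant records, the
role-to-privilege baseline, and the staff roster are constructed sample
data; in practice they would come from the database's grant tables and
an identity system.
"""
from dataclasses import dataclass

# Constructed baseline: the minimum privileges each job role needs, per database.
# "*" stands for every database; anything not listed here counts as excess.
ROLE_BASELINE = {
    "dba_billing": {"billing": {"SELECT", "INSERT", "UPDATE", "DELETE", "ALTER"}},
    "analyst": {"billing": {"SELECT"}, "crm": {"SELECT"}},
    "support": {"crm": {"SELECT", "UPDATE"}},
}

# Constructed roster: current job role for each account (None = has left the company).
ROSTER = {"alice": "dba_billing", "bob": "analyst", "carol": "support", "dave": None}

# Constructed grants, shaped like (user, database, privilege) rows from a grants
# view. Several of them reflect privilege creep from earlier assignments.
GRANTS = [
    ("alice", "billing", "SELECT"), ("alice", "billing", "ALTER"),
    ("alice", "crm", "ALTER"),                                   # leftover from an old CRM task
    ("bob", "billing", "SELECT"), ("bob", "billing", "DELETE"),  # analyst holding DELETE
    ("carol", "crm", "UPDATE"), ("carol", "*", "SELECT"),        # global read access
    ("dave", "billing", "SELECT"),                               # account of a leaver
]


@dataclass(frozen=True)
class Finding:
    user: str
    database: str
    privilege: str
    reason: str


def review_grants(grants, roster, baseline):
    """Return one Finding per grant that exceeds the account's role baseline."""
    findings = []
    for user, db, priv in grants:
        role = roster.get(user)
        if role is None:
            findings.append(Finding(user, db, priv, "no current role (orphaned account)"))
            continue
        allowed = baseline.get(role, {})
        if db == "*":
            # A wildcard grant is only acceptable if the role needs it everywhere.
            if priv not in allowed.get("*", set()):
                findings.append(Finding(user, db, priv, f"global grant not in {role} baseline"))
        elif priv not in allowed.get(db, set()):
            findings.append(Finding(user, db, priv, f"not in {role} baseline for {db}"))
    return findings


def revocation_statements(findings):
    """Render findings as MySQL-style REVOKE statements for a DBA to review before running."""
    return [f"REVOKE {f.privilege} ON {f.database}.* FROM '{f.user}';" for f in findings]


if __name__ == "__main__":
    results = review_grants(GRANTS, ROSTER, ROLE_BASELINE)
    for f in results:
        print(f"{f.user:6} {f.database:8} {f.privilege:7} -> {f.reason}")
    print("\n".join(revocation_statements(results)))
```

Running it against the constructed data produces four findings: alice's leftover `ALTER` on `crm`, bob's `DELETE` on `billing`, carol's global `SELECT`, and every grant still attached to dave's orphaned account. The statements are meant as a review list, not something to execute blindly; a wrong revocation breaks a legitimate workflow, which is exactly the tension between ease of use and security the text describes.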
#3. Ensure strong encryption is utilized
Utilizing database encryption means that, even if data is exfiltrated as part of a breach, it is useless to attackers without having access to the necessary decryption key. A database is, ultimately, a container for information. You can think of encryption as putting a lock on that container.
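The breach section above mentions customer passwords allegedly kept in clear text. For passwords specifically, the safeguard is not reversible encryption but a salted, deliberately slow hash, so that a stolen table is useless without brute-forcing each entry. The example below is added here and is not code from the article or from Kaseya; it uses only the Python standard library's `hashlib.scrypt`. The cost parameters, the record format and the sample user rows are assumptions.

```python
"""Replacing clear-text password storage with salted scrypt hashes.

Added example, not code from the article or from Kaseya. Uses only the
Python standard library; the user records are constructed sample data.
"""
import hashlib
import hmac
import os

# scrypt cost parameters (assumed reasonable for interactive logins; tune to your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password, salt=None):
    """Return a self-describing record: scrypt$N$r$p$salt_hex$hash_hex.

    A fresh random salt per password means two users with the same password
    get different records, and precomputed tables are useless.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the record's own parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, hash_hex = record.split("$")
        if algo != "scrypt":
            return False
        digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=len(hash_hex) // 2)
    except ValueError:  # malformed record or bad parameters
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)


def migrate_cleartext_table(rows):
    """Convert constructed {user: cleartext} rows into {user: hashed record}."""
    return {user: hash_password(pw) for user, pw in rows.items()}


if __name__ == "__main__":
    legacy = {"alice": "correct horse battery staple", "bob": "hunter2"}  # constructed rows
    migrated = migrate_cleartext_table(legacy)
    for user, record in migrated.items():
        print(user, record)
    print("alice login ok:", verify_password("correct horse battery staple", migrated["alice"]))
    print("bob wrong pw  :", verify_password("hunter3", migrated["bob"]))
```

Storing the parameters inside each record is what makes the scheme maintainable: when the cost needs raising later, old records still verify with their own parameters and can be re-hashed on the user's next successful login. Encryption at rest, as described in the paragraph above, still belongs around the rest of the database; it protects the stored data, while the hash protects the password even from whoever holds the decryption key.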
#4. Monitor what’s happening on your database
The steps above are all crucial. But, in the event that attackers do manage to breach a database, even with the right precautions taken, it’s essential that you know about it as soon as possible. That’s where database monitoring comes in.
Using a single-pane-of-glass solution to monitor all databases is a great way of managing risk. Meanwhile, database-monitoring tools make it easier to detect both insider and outsider threats in real time and to respond quickly.
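To make the monitoring point concrete, here is what a few detection rules over a database audit log look like in practice. This is an added example, not code from the article or from any monitoring product. The log line format, the thresholds (bulk-read size, failed-login burst, business hours) and the log lines themselves are constructed assumptions; a real deployment would read the engine's own audit log and forward alerts to a SIEM.

```python
"""Detection rules over database audit log lines.

Added example (not from the article). The log format, the rules and the
thresholds are assumptions; the log lines are constructed. Real monitoring
would consume the engine's own audit log and stream alerts to a SIEM.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")

# Assumed thresholds
BULK_ROWS = 10000               # a SELECT returning at least this many rows is "bulk"
FAILED_LOGIN_BURST = 5          # this many failures from one source within the window
BURST_WINDOW_SECONDS = 60
BUSINESS_HOURS = range(7, 20)   # assumed UTC business hours
SENSITIVE_TABLES = {"customers", "invoices"}

# Constructed audit lines: a normal morning, then a burst of failed logins followed by
# an off-hours bulk read of a sensitive table from an unfamiliar address, plus one
# malformed line to show the parser ignoring junk.
SAMPLE_LOG = """\
2021-07-01T09:12:03Z user=bob db=crm action=SELECT table=tickets rows=40 src=10.0.1.5 status=ok
2021-07-01T09:40:11Z user=alice db=billing action=UPDATE table=invoices rows=3 src=10.0.1.9 status=ok
2021-07-01T22:03:40Z user=alice db=billing action=LOGIN src=198.51.100.7 status=fail
2021-07-01T22:03:42Z user=alice db=billing action=LOGIN src=198.51.100.7 status=fail
2021-07-01T22:03:44Z user=alice db=billing action=LOGIN src=198.51.100.7 status=fail
2021-07-01T22:03:46Z user=alice db=billing action=LOGIN src=198.51.100.7 status=fail
2021-07-01T22:03:48Z user=alice db=billing action=LOGIN src=198.51.100.7 status=fail
2021-07-01T22:04:01Z user=alice db=billing action=LOGIN src=198.51.100.7 status=ok
2021-07-01T22:05:30Z user=alice db=billing action=SELECT table=customers rows=250000 src=198.51.100.7 status=ok
this line is not an audit record
"""


def parse_line(line):
    """Turn 'ts key=value ...' into a dict with a parsed datetime; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    event = {"ts": ts}
    for token in m.group("kv").split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        event[key] = value
    return event


def detect(lines):
    """Run each rule over the parsed events; return (rule, timestamp, detail) alerts in order."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    for e in events:
        action, status, src = e.get("action"), e.get("status"), e.get("src", "?")
        if action == "LOGIN" and status == "fail":
            window = failures[src]
            window.append(e["ts"])
            # Keep only failures inside the sliding window; alert once, when the count hits N.
            window[:] = [t for t in window if (e["ts"] - t).total_seconds() <= BURST_WINDOW_SECONDS]
            if len(window) == FAILED_LOGIN_BURST:
                alerts.append(("failed_login_burst", e["ts"], f"{e['user']} from {src}"))
        if action == "SELECT":
            rows = int(e.get("rows", 0))
            if rows >= BULK_ROWS and e.get("table") in SENSITIVE_TABLES:
                alerts.append(("bulk_sensitive_read", e["ts"],
                               f"{e['user']} read {rows} rows from {e['db']}.{e['table']}"))
        if status == "ok" and e["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_activity", e["ts"], f"{e['user']} {action} on {e['db']} from {src}"))
    return alerts


if __name__ == "__main__":
    for rule, ts, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {rule:20} {detail}")
```

On the constructed log this raises four alerts: the failed-login burst, the off-hours login that follows it, the bulk read of `customers`, and that same read flagged again as off-hours activity. Each rule alone is noisy; the value of a monitoring tool is correlating them so that a burst of failures followed by a large off-hours read from the same address is escalated rather than buried.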
The importance of database security
Database security is only going to become more important as more user data is collected and, as a result, databases become an increasingly attractive target for attackers. Unfortunately, incidents like the Kaseya hack will continue to happen. But that doesn’t mean that organizations can’t learn from them and use the lessons to fortify their own defenses.